Centralize Security Configuration Assessment

[Vyom Thaker]

Hello Team,

I am using Wazuh+EFK basic license and I want to get all the results and details of the Security Configuration Assessment (SCA) module centrally. So I can get the results and details of all the agents at the same place. Please guide me in this matter asap.

Any help will be appreciated.

Thanks in advance.

Regards.

[Pacome Kemkeu]

Hello Thaker,If you want to gather the Security Configuration Assessment data across all agents my recommendation is to use the Wazuh API to create a script that loops over the agent list and retrieve the SCA results you need from each of them.These two endpoints would be used following that route:- https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.agent_controller.get_agents
- https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.sca_controller.get_sca_agent
You could store this information in a CSV file and open it using Excel or similar.

From a Wazuh roadmap perspective, this is part of what we call global queries. We want to be able to search through Wazuh state information across all agents; not only related to Security Configuration Assessment (SCA), but also other components such as FIM, vulnerability detector, inventory data.We are in the design phase for this development so we can't really share an ETA, but this is something we are very excited about.Hope this helps!

[Vyom Thaker]

Hello Team,

Any updates on this..??

[Pacome Kemkeu]

Hello Thaker, as I explained already, this is still in development phase. Thus, I can't provide you with a specific date.
You can however take a look at the issue and its ongoing state here:  https://github.com/wazuh/wazuh/issues/8737